[libvirt] [PATCH] qemu: Support for overriding NPROC limit

Eric Blake eblake at redhat.com
Tue Apr 5 15:28:00 UTC 2011


On 04/05/2011 08:09 AM, Jiri Denemark wrote:
> This patch adds max_processes option to qemu.conf which can be used to
> override system default limit on number of processes that are allowed to
> be running for qemu user.
> ---
>  src/qemu/libvirtd_qemu.aug      |    3 +++
>  src/qemu/qemu.conf              |    7 +++++++
>  src/qemu/qemu_conf.c            |    4 ++++
>  src/qemu/qemu_conf.h            |    2 ++
>  src/qemu/qemu_process.c         |   24 ++++++++++++++++++++++++
>  src/qemu/test_libvirtd_qemu.aug |    4 ++++
>  6 files changed, 44 insertions(+), 0 deletions(-)
> @@ -1821,6 +1842,9 @@ static int qemuProcessHook(void *data)
>  {
>      struct qemuProcessHookData *h = data;
>  
> +    if (qemuProcessLimits(h->driver) < 0)
> +        return -1;

Which UID is in effect at this point?  While setrlimit() adjusts an
inherited value, I'm a bit worried that tracks different limits per uid,
and if the call is made while the real uid is root instead of qemu, then
we might be affecting the wrong limit.  Does this call need to be
delayed until after the virSecurityManagerSetProcessLabel, or after we
are sure that we have changed identities?

But other than that question, the code looks sane, and I appreciate
seeing the augeas modifications, too.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110405/d9c12561/attachment-0001.sig>


More information about the libvir-list mailing list